Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)

Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

---

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

• tagDiv Cloud Library < 2.7 – Missing Authorization to Arbitrary User Metadata Update
• WAF-RULE-610 – Information redacted while we work with developer to ensure this vulnerability gets patched.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

---

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status	Number of Vulnerabilities
Unpatched	20
Patched	64

---

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating	Number of Vulnerabilities
Low Severity	0
Medium Severity	69
High Severity	9
Critical Severity	6

---

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE	Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)	35
Missing Authorization	14
Cross-Site Request Forgery (CSRF)	11
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)	9
Authorization Bypass Through User-Controlled Key	5
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	1
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)	1
Improper Neutralization of Formula Elements in a CSV File	1
URL Redirection to Untrusted Site (‘Open Redirect’)	1
Improper Control of Generation of Code (‘Code Injection’)	1
Incorrect Privilege Assignment	1
Information Exposure	1
Insufficient Verification of Data Authenticity	1
Authentication Bypass Using an Alternate Path or Channel	1
External Control of File Name or Path	1

---

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
Rafie Muhammad	15
Marco Wotschka (Wordfence Vulnerability Researcher)	7
Rafshanzani Suhada	4
Truoc Phan	4
Abdi Pranata	3
Le Ngoc Anh	3
LEE SE HYOUNG	3
Lana Codes (Wordfence Vulnerability Researcher)	3
Miguel Santareno	2
Alex Thomas (Wordfence Vulnerability Researcher)	2
Erwan LR	2
Mateus Machado Tesser	2
Rio Darmawan	2
Christiaan Swiers	1
drwtsn	1
Fioravante Souza	1
An Đặng	1
Nguyen Xuan Chien	1
Chien Vuong	1
Webbernaut	1
Rio Darmanwan	1
Jonas Höbenreich	1
Skalucy	1
Lucio Sá	1
Mika	1
Fariq Fadillah Gusti Insani	1
Dipak Panchal	1
yuyudhn	1
qerogram	1
Jihoon Lee	1
daniloalbuqrque	1
Taurus Omar	1
qilin_99	1
BOT	1
Robert Lockwood	1
Shunsuke Aoki	1
Bae Song Hyun	1
FearZzZz	1
Bob Matyas	1
Theodoros Malachias	1
Shreya Pohekar	1
Felipe Restrepo Rodriguez	1

 

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

---

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name	Software Slug
AN_GradeBook	an-gradebook
About Me 3000 widget	about-me-3000
All In One Redirection	all-in-one-redirection
BBS e-Popup	bbs-e-popup
Booking Calendar Contact Form	booking-calendar-contact-form
Booking Calendar | Appointment Booking | BookIt	bookit
Buy Me a Coffee – Button and Widget Plugin	buymeacoffee
CMS Commander – Manage Multiple Sites	cms-commander-client
Colibri Page Builder	colibri-page-builder
Companion Sitemap Generator – HTML & XML	companion-sitemap-generator
Complianz Premium – GDPR/CCPA Cookie Consent	complianz-gdpr-premium
Complianz – GDPR/CCPA Cookie Consent	complianz-gdpr
Contact Form by WPForms – Drag & Drop Form Builder for WordPress	wpforms-lite
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress	contact-form-to-db
Core Web Vitals & PageSpeed Booster	core-web-vitals-pagespeed-booster
Customer Service Software & Support Ticket System	wp-ticket
Display Custom Fields – wpView	wpview
Elementor Website Builder Pro	elementor-pro
Enable SVG Uploads	enable-svg-uploads
Enable SVG, WebP & ICO Upload	enable-svg-webp-ico-upload
EventON	eventon-lite
Export All URLs	export-all-urls
Extra User Details	extra-user-details
Five Star Restaurant Reservations – WordPress Booking Plugin	restaurant-reservations
Float menu – awesome floating side menu	float-menu
Form Builder | Create Responsive Contact Forms	contact-form-add
Gallery Metabox	gallery-metabox
Gravity Forms	gravityforms
Greeklish-permalink	greeklish-permalink
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor	gutenverse
HTTP Headers	http-headers
Image Protector	image-protector
InventoryPress	inventorypress
JS Help Desk – Best Help Desk & Support Plugin	js-support-ticket
Lana Shortcodes	lana-shortcodes
Lana Text to Image	lana-text-to-image
MStore API	mstore-api
Mail Queue	mail-queue
Mailtree Log Mail	mailtree-log-mail
MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard	mainwp-child
Membership Plugin – Restrict Content	restrict-content
Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress	metform
MojoPlug Slide Panel	mojoplug-slide-panel
MyCurator Content Curation	mycurator
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress	ninja-forms
OOPSpam Anti-Spam	oopspam-anti-spam
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	wp-user-avatar
Popup by Supsystic	popup-by-supsystic
PostX – Gutenberg Post Grid Blocks	ultimate-post
Potent Donations for WooCommerce	donations-for-woocommerce
PrePost SEO	prepost-seo
Product Vendors	woocommerce-product-vendors
Quick Post Duplicator	rduplicator
ReDi Restaurant Reservation	redi-restaurant-reservation
Sermon’e – Sermons Online	sermone-online-sermons-management
Simple Iframe	simple-iframe
Smoothscroller	smoothscroller
Social Share, Social Login and Social Comments Plugin – Super Socializer	super-socializer
Spam protection, AntiSpam, FireWall by CleanTalk	cleantalk-spam-protect
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)	unlimited-elements-for-elementor
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent	gdpr-cookie-consent
WP Mail Logging	wp-mail-logging
WP Sticky Social	wp-sticky-social
WP-Members Membership Plugin	wp-members
WPBakery Page Builder for WordPress	js_composer
WPForms Pro	wpforms
WooCommerce Brands	woocommerce-brands
WooCommerce Bulk Stock Management	woocommerce-bulk-stock-management
WooCommerce PayPal Payments	woocommerce-paypal-payments
WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo	woocommerce-payments
WooCommerce Square	woocommerce-square
WooCommerce Subscription	woocommerce-subscriptions
WordPress Button Plugin MaxButtons	maxbuttons
google-analytics-premium	google-analytics-premium
tagDiv Cloud Library	td-cloud-library
teachPress	teachpress

---

WordPress Themes with Reported Vulnerabilities Last Week

Software Name	Software Slug
Balkon	balkon
Newspaper – News & WooCommerce WordPress Theme	newspaper

---

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.

tagDiv Cloud Library < 2.7 – Missing Authorization to Arbitrary User Metadata Update

---

MStore API <= 4.0.1 – Unauthenticated SQL Injection

---

MStore API <= 3.9.7 – Unauthenticated SQL Injection

---

MStore API <= 3.9.8 – Unauthenticated Privilege Escalation

---

BookIt <= 2.3.7 – Authentication Bypass

---

MStore API <= 3.9.7 – Unauthenticated SQL Injection

---

Quick Post Duplicator <= 2.0 – Authenticated (Contributor+) SQL Injection via post_id

---

CMS Commander <= 2.287 – Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

---

EventON <= 2.1 – Insecure Direct Object Reference to Unauthorized Post Access

---

Mailtree Log Mail <= 1.0.0 – Unauthenticated Stored Cross-Site Scripting via Email Subject

---

Contact Form to DB by BestWebSoft <= 1.7.1 – Authenticated (Administrator+) SQL Injection via ‘s’

---

Colibri Page Builder <= 1.0.227 – Authenticated (Administrator+) SQL Injection via post_id

---

PostX – Gutenberg Blocks for Post Grid <= 2.9.9 – Unauthenticated Cross-Site Scripting

---

Mail Queue <= 1.1 – Unauthenticated Stored Cross-Site Scripting via Email Subject

---

Popup by Supsystic <= 1.10.18 – Prototype Pollution

---

WooCommerce Product Vendors <= 2.1.78 – Authenticated (Shop manager+) SQL Injection

---

All In One Redirection <= 2.1.0 – Authenticated(Administrator+) SQL Injection

---

HTTP Headers <= 1.18.10 – Authenticated(Administrator+) Remote Code Execution

---

WooCommerce Payments <= 5.9.0 – Authenticated (Shop manager+) SQL Injection via currency parameters

---

WooCommerce Payments <= 5.9.0 – Missing Authorization via redirect_pay_for_order_to_update_payment_method

---

Form Builder <= 1.9.9.0 – Cross-Site Request Forgery

---

WooCommerce Subscriptions <= 5.1.2 – missing authorization to insecure direct object reference

---

Ninja Forms <= 3.6.24 – Authenticated (Admin+) Arbitrary File Deletion

---

Sermon’e <= 1.0.0 – Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

---

Lana Shortcodes <= 1.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

---

Super Socializer <= 7.13.52 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

---

Enable SVG Uploads <= 2.1.5 – Authenticated (Author+) Stored Cross-Site Scripting via SVG

---

WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 – Authenticated(Administrator+) CSV Injection

---

MonsterInsights Pro <= 8.14.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

---

WPBakery Page Builder for WordPress <= 6.12.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

---

Simple Iframe <= 1.1.1 – Authenticated(Contributor+) Stored Cross-Site Scripting via block attributes

---

InventoryPress <= 1.7 – Authenticated(Author+) Stored Cross-Site Scripting

---

Lana Text to Image <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

---

MaxButtons <= 9.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

---

Elementor Pro <= 3.13.0 – Missing Authorization

---

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 – Missing Authorization via ajaxhandler to Insecure Direct Object Reference

---

Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 – Missing Authorization

---

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 – Missing Authorization

---

ProfilePress <= 4.10.3 – Reflected Cross-Site Scripting via error message

---

Export All URLs <= 4.5 – Reflected Cross-Site Scripting

---

Gravity Forms <= 2.7.4 – Reflected Cross-Site Scripting

---

WooCommerce Bulk Stock Management <= 2.2.33 – Cross-Site Scripting

---

Complianz <= 6.4.4 (Premium <= 6.4.6.1) – Cross-Site Request Forgery to Stored Cross-Site Scripting

---

Companion Sitemap Generator <= 4.5.1.1 – Reflected Cross-Site Scripting

---

Five Star Restaurant Reservations <= 2.6.7 – Reflected Cross-Site Scripting

---

Booking Calendar Contact Form <= 1.2.40 – Reflected Cross-Site Scripting

---

WP Sticky Social <= 1.0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

---

teachPress <= 9.0.2 – Reflected Cross-Site Scripting via meta_field_id and cite_id

---

Contact Form by WPForms (Free and Premium) <= 1.8.1.2 – Reflected Cross-Site Scripting

---

Restrict Content <= 3.2.2 – Reflected Cross-Site Scripting

---

Balkon <= 1.3.2 – Reflected Cross-Site Scripting

---

MainWP Child <= 4.4.1.1 – Information Disclosure via Back-Up Files

---

OOPSpam Anti-Spam <= 1.1.44 – Cross-Site Request Forgery via empty_ham_entries and empty_spam_entries

---

Enable SVG, WebP & ICO Upload <= 1.0.3 – Authenticated (Author+) Stored Cross-Site Scripting via SVG

---

Metform Elementor Contact Form Builder <= 3.3.2 – Cross-Site Request Forgery via permalink_setup

---

Greeklish-permalink <= 3.3 – Missing Authorization via cyrtrans_ajax_old AJAX action

---

Gutenverse <= 1.8.5 – Missing Authorization via ‘data/update’ API Endpoint

---

Restrict Content <= 3.2.2 – Missing Authorization to Notice Dismissal

---

BBS e-Popup <= 2.4.5 – Missing Authorization

---

EventON <= 2.1 – Missing Authorization to Event Access

---

ReDi Restaurant Reservation <= 23.0211 – Missing Authorization

---

Core Web Vitals & PageSpeed Booster <= 1.0.12 – Open Redirect via _wp_http_referer

---

Smoothscroller <= 1.0.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

---

Float menu <= 5.0.2 – Authenticated(Administrator+) Stored Cross-Site Scripting

---

MojoPlug Slide Panel <= 1.1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

---

PrePost SEO <= 3.0 – Authenticated(Administrator+) Stored Cross-Site Scripting

---

Extra User Details <= 0.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

---

Customer Service Software & Support Ticket System <= 5.12.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

---

About Me 3000 widget <= 2.2.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

---

wpView <= 1.3.0 – Authenticated(Administrator+) Stored Cross-Site Scripting

---

AN_GradeBook <= 5.0.1 – Authenticated(Administrator+) Stored Cross-Site Scripting

---

Image Protector <= 1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

---

Buy Me a Coffee – Button and Widget Plugin <= 3.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

---

WooCommerce Square <= 3.8.1 – Missing Authorization via multiple AJAX actions

---

WooCommerce PayPal Payments <= 2.0.4 – Cross-Site Request Forgery

---

Complianz <= 6.4.5 (Premium <= 6.4.7) – Cross-Site Request Forgery

---

MyCurator Content Curation <= 3.74 – Cross-Site Request Forgery

---

Extra User Details <= 0.5 – Cross-Site Request Forgery

---

Gallery Metabox <= 1.5 – Missing Authorization via refresh_metabox

---

Potent Donations for WooCommerce <= 1.1.9 – Cross-Site Request Forgery in hm_wcdon_admin_page

---

WooCommerce Brands <= 1.6.49 – Cross-Site Request Forgery

---

WP-Members Membership <= 3.4.7.3 – Cross-Site Request Forgery to Settings Update

---

WP Mail Logging <= 1.11.2 – Missing Authorization to Notice Dismissal

---

Gallery Metabox <= 1.5 – Missing Authorization via gallery_remove

---

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.